THE DATA RECOVERY EXPERTS

NEWSLETTER

Reusing passwords leaves us vulnerable if one account is hacked, so we’re advised to use a different password for each service. But how can we possibly remember dozens of complex character strings for Facebook, Gmail, eBay, PayPal, online banking and more? Especially when many systems require us to change those passwords every 3-6 months?

One option is to rely on password management tools, but if these tools are themselves breached, then all our other passwords are exposed. So in the end, many people take the easy option and use simple, memorable passwords for most online services.

Unfortunately, these simple passwords tend to be weak and easily cracked. Each year, SplashData publishes the most commonly used passwords identified over the previous twelve months. As usual, simple passwords like “password” and “123456” were at the top of the list, along with other popular options such as “qwerty”, “football”, “welcome”, and a new entry to the list this year, “starwars”.

Technology firms like Apple, Yahoo and Google are attempting to devise ways to replace the ubiquitous password. The latest iPhones come with fingerprint scanners, and Google lets users verify their identities by sending a code to their mobile phone via SMS. But these alternatives have their own risks. Your fingerprint can be collected from anything you touch, and your mobile phone can be lost or stolen.

For the time being, the best option is to combine strong, unique passwords with a secondary method of identification such as a fingerprint scan or an SMS code. This is known as two-factor authentication, and is much harder to crack, since hackers would need both to know your password and to have access to your phone, for example. So while two-factor authentication is more time-consuming to implement, it’s better than having your online identity compromised.